Discovered a New Trojan for Mac

Analysts on Information Security by company Intego discovered a new type of Trojan that infects Mac computers. The data presented indicate a relationship with the Syrian group of hackers Syrian Electronic Army, responsible for numerous attacks recently.

The company Intego, engaged in release of antivirus software, said in a blog post about finding a hacker attack aimed at the owners of computers Apple Mac.

Sample Trojan, with which the attack was carried out, was sent to Intego by a user in Belarus. At the moment, the command server, which connects to the malicious application is idle and does not send to the computers of victims of any team.

Intego experts suggest that a Trojan was distributed by e-mail and via infected websites masquerading as an image file with the name of kissing couple DSC00117 – like file photo taken with a digital camera. When a user tried to open it, the Trojan copies itself to / Users / Shared / UserEvent.app and created the file ~ / Library / LaunchAgents / UserEvent.System.plist to run UserEvent.app.

As a result, in the operating system created a permanent backdoor – a loophole that allows remote hackers to gain access to a victim’s computer. Examining the Trojans, experts have found that after installing in the system he send the data of the infected PC to a remote server, and tried to download image from the server to the victim’s computer.

Discovered Trojan poses no threat to the majority of users, as performed with the help of the attack directed only to certain communities, experts say Intego: in particular, activists and journalists who oppose the government.

Source of the attack specialists Intego is not mentioned, however, based on the nature of the image, which tried to download a trojan on the victim’s computer, you can make a clear conclusion about the relationship with the Syrian hacker group “Syrian electronic army”, Syrian Electronic Army (SEA), acting in support of Syrian President Bashar Hafez al-Assad.

Targets of the attackers also remain unclear. However, it is worth recalling that the SEA has recently claimed responsibility for the attack on the web site of major U.S. publications The New York Times, Washington Post and other popular resources.